Export limit exceeded: 363555 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363555 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363555 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45933 | 1 Kubeview Project | 1 Kubeview | 2025-04-29 | 9.8 Critical |
| KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure." | ||||
| CVE-2022-45932 | 1 Linuxfoundation | 1 Opendaylight | 2025-04-29 | 7.5 High |
| A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used. | ||||
| CVE-2022-45931 | 1 Linuxfoundation | 1 Opendaylight | 2025-04-29 | 7.5 High |
| A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used. | ||||
| CVE-2022-45930 | 1 Linuxfoundation | 1 Opendaylight | 2025-04-29 | 7.5 High |
| A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface. | ||||
| CVE-2022-45914 | 1 Electronic Shelf Label Protocol Project | 1 Electronic Shelf Label Protocol | 2025-04-29 | 6.5 Medium |
| The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing. | ||||
| CVE-2022-45885 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2025-04-29 | 7 High |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. | ||||
| CVE-2022-45470 | 1 Apache | 1 Hama | 2025-04-29 | 7.5 High |
| missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed. | ||||
| CVE-2022-45461 | 3 Linux, Opengroup, Veritas | 3 Linux Kernel, Unix, Netbackup | 2025-04-29 | 7.5 High |
| The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. | ||||
| CVE-2022-45225 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-29 | 6.1 Medium |
| Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. | ||||
| CVE-2022-45017 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. | ||||
| CVE-2022-45016 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. | ||||
| CVE-2022-44401 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2025-04-29 | 9.8 Critical |
| Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php. | ||||
| CVE-2022-44183 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. | ||||
| CVE-2022-44180 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter. | ||||
| CVE-2022-44178 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB. | ||||
| CVE-2022-44177 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. | ||||
| CVE-2022-44176 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. | ||||
| CVE-2022-44175 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. | ||||
| CVE-2022-44174 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | 9.8 Critical |
| Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. | ||||
| CVE-2022-43709 | 1 Mybb | 1 Mybb | 2025-04-29 | 4.9 Medium |
| MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings. | ||||